
Internet Tips: Lock Out Internet Pests, Lock In Network Security

Scott Spanbauer

Technologies that provide us with the greatest benefits often also expose us to great risks. In the case of the Internet, the risk is to your privacy, your files, your identity, and your precious bandwidth. This month an expanded Internet Tips digs a little deeper into two security areas that are becoming bigger issues to all users: wireless networks and file sharing.

The main drawback to a home or small-business network is the wiring. That's why wireless networking is the greatest advance since, well, the Internet. Just buy a wireless access point or router (using either the 802.11b or the faster 802.11a wireless protocol, also known as Wi-Fi and Wi-Fi5, respectively) and a few wireless client cards, install them, and boom--you can check your e-mail at the kitchen table, in bed, or just about anywhere else within a one- or two-block radius.

But therein lies the problem: Unless you've enabled the wireless router's security features, you may be sharing your Net connection with anybody who cruises slowly by, carrying a wireless-enabled notebook PC or PDA and a copy of NetStumbler.com's NetStumbler software for detecting networks. (Wireless-network infiltrators are known as war drivers; see this month's Privacy Watch to learn more about war driving.) If your network has been insecure for a while, it may even show up in NetStumbler.com's nationwide database of wide-open wireless networks (visit the site to check--and look out front for parked cars filled with notebook users).

Bandwidth theft isn't the worst part of leaving your wireless network insecure, however. A knowledgeable person can easily capture and view the contents of your wireless-network traffic, including e-mail messages and log-in passwords, or hijack your online identity for nefarious purposes, such as using your network and computers to attack other systems.

Security in the current Wi-Fi versions is inherently flawed. Until the more secure 802.11i version of Wi-Fi is approved, you can't fully secure your network against war drivers. But by employing multiple security techniques, you can make cracking into your Wi-Fi LAN difficult enough that access thieves will simply move on to another, less secure network.

Your unsecured home or office network isn't your only vulnerability, however. If the public Wi-Fi network you connect to at an airport, hotel, or coffee shop is unsecured, your passwords, e-mail, and other data are at risk. The person sitting next to you may be there for the cracking, not for the coffee. Here's how to stay safe:

Enable WEP: The 802.11b and 802.11a protocols each include an optional security element called Wired Equivalent Privacy (WEP) that authenticates anyone who wants to access the wireless network, and encrypts all traffic. WEP is flawed in a number of ways that must drive the average cryptography expert right up the wall (University of Maryland computer science professor William A. Arbaugh gathers the damning evidence at "802.11 Security Vulnerabilities"). Still, some security is better than no security. Your Wi-Fi hardware manuals will tell you how to enable WEP.

Use 128-bit WEP: Wi-Fi equipment supports WEP encryption of either 40 bits or 128 bits. The weaker 40-bit WEP cipher, combined with WEP's other documented flaws, makes a system easy to crack. Nota bene: To use 128-bit WEP, you must first make sure that all wireless devices on the network support it. Enabling 128-bit WEP on your entire network might justify the expense of replacing your cards that don't support this higher-level security.

Choose good pass-phrases, or go hexadecimal: Part of the process of enabling WEP is to choose a pass-phrase. Unfortunately, an easily guessed pass-phrase makes WEP even simpler to bypass. Mix upper- and lowercase letters with nonalphabetic characters, don't use real words (including foreign ones), and avoid transparent tricks such as shifting your hands a key to the side, up, or down before typing an obvious password (like password), or making predictable character substitutions (such as pa55w0rd in place of paSSwOrd). Seasoned war drivers have dictionaries and other tools that run through all these tricks and permutations in no time.
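
To see why the shifted-hands and character-substitution tricks buy nothing, here is a small pass-phrase check, added as an illustration and not part of the original column. The wordlist is a constructed sample, the keyboard is assumed to be US QWERTY, and the function names are hypothetical.

```python
# Constructed sample wordlist; a real check would load a full dictionary.
WORDS = {"password", "letmein", "wireless", "network", "coffee"}

# Predictable substitutions, mapped back to the letters they stand for.
LEET = str.maketrans({"5": "s", "$": "s", "0": "o", "1": "l", "!": "i",
                      "3": "e", "4": "a", "@": "a", "7": "t"})

# Unshifted US QWERTY rows, top to bottom (row stagger is ignored).
ROWS = ["1234567890-=", "qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./"]


def key_shift(dcol, drow):
    """Map every key to the key `dcol` columns and `drow` rows away."""
    table = {}
    for r, row in enumerate(ROWS):
        for c, ch in enumerate(row):
            r2, c2 = r + drow, c + dcol
            if 0 <= r2 < len(ROWS) and 0 <= c2 < len(ROWS[r2]):
                table[ord(ch)] = ROWS[r2][c2]
    return table


# Each table undoes one hand position: a phrase typed one key to the right
# is recovered by moving every character one key to the left, and so on.
UNDO_SHIFT = {
    "hands shifted right": key_shift(-1, 0),
    "hands shifted left": key_shift(1, 0),
    "hands shifted up": key_shift(0, 1),
    "hands shifted down": key_shift(0, -1),
}


def weakness(phrase):
    """Return the trick that reduces `phrase` to a dictionary word, or None."""
    typed = phrase.lower()
    attempts = [("plain word", typed),
                ("character substitution", typed.translate(LEET))]
    attempts += [(name, typed.translate(t)) for name, t in UNDO_SHIFT.items()]
    for trick, undone in attempts:
        if undone in WORDS:
            return f"{trick} of '{undone}'"
    return None
```

A pass-phrase for which weakness() returns a reason should be replaced; a result of None only means that none of these particular tricks applies.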

Luckily, the pass-phrase is a convenience you can skip if you want--just make up your own hexadecimal WEP key (a series of two-digit hex numbers) and type it into the setup screens of your wireless router and card (see FIGURE 1). Hexadecimal (base 16) numbers start with zero and use the letters A through F as single-digit equivalents of the decimal (base 10) numbers 10 through 15, yielding two-digit quantities like 0B (decimal 11) and FF (decimal 255). Avoid building memorable keys using hex homonyms like A1, 3D, 4F, 2B, B4--the crackers have already thought of that, and they're looking for it.
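
One way to produce such a key without inventing it by hand, and to test a hand-made one, shown as an added example that is not from the original column. It assumes the usual WEP key sizes of 10 typed hex digits for 40-bit and 26 for 128-bit; the function names and the short list of hex-spelled words are constructed for illustration.

```python
import secrets

# Hex digits typed for each WEP size; the remaining 24 bits are the
# per-packet initialization vector, which is not part of the typed key.
KEY_HEX_DIGITS = {40: 10, 128: 26}
# The article's "hex homonyms" plus a few constructed hex-spelled words.
MEMORABLE = ("A1", "3D", "4F", "2B", "B4", "DEAD", "BEEF", "CAFE", "F00D")


def new_wep_key(bits=128):
    """Return a random key as colon-separated two-digit hex numbers."""
    raw = secrets.token_bytes(KEY_HEX_DIGITS[bits] // 2)
    return ":".join(f"{b:02X}" for b in raw)


def key_problems(key, bits=128):
    """List the reasons a hand-made hex key is malformed or guessable."""
    digits = key.replace(":", "").replace(" ", "").upper()
    if any(d not in "0123456789ABCDEF" for d in digits):
        return ["contains non-hex characters"]
    if len(digits) != KEY_HEX_DIGITS[bits]:
        return [f"needs {KEY_HEX_DIGITS[bits]} hex digits, has {len(digits)}"]
    pairs = [digits[i:i + 2] for i in range(0, len(digits), 2)]
    values = [int(p, 16) for p in pairs]
    problems = []
    if len(set(pairs)) <= len(pairs) // 2:
        problems.append("repeats the same hex numbers")
    if len({(b - a) % 256 for a, b in zip(values, values[1:])}) == 1:
        problems.append("hex numbers follow a fixed step")
    hits = sum(digits.count(m) * len(m) for m in MEMORABLE)
    if hits >= len(digits) // 2:
        problems.append("built from memorable hex fragments")
    return problems
```

Drop the colons if your router's setup screen expects the digits run together.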

Encrypt your e-mail log-in: One way to prevent snoops from snatching your mail server password is to use one of several secure log-in methods that encrypt the password before it travels across the network to your ISP's or company's server. Ask tech support which method, if any, is supported; then enable it in your e-mail program. Most support both Secure Password Authentication (SPA) and Secure Sockets Layer (SSL) log-ins (see FIGURE 2).

Use IPSec or a VPN: You can replace WEP altogether with one of two better-designed encryption and authentication protocols, although doing so is not for the tech-timid, and it's not cheap. IPSec is a secure version of the Internet Protocol (IP) networking protocol--the IP in TCP/IP. As long as both your computer and the wireless router or access point that it communicates with support IPSec, you can skip WEP. Windows XP supports IPSec (for instructions on enabling it, choose Start, Help and Support and search for IPSec to view a list of articles on the topic). Though wireless routers that support IPSec also exist, that $150 unit you picked up at CompUSA probably doesn't.

Virtual private networks are a different technology; a VPN creates a secure, encrypted tunnel running between your PC and a remote device (such as a router or your firm's mail server). Again, your operating system and router each need to support VPN connections (most versions of Windows do, but some routers do not). VPNs also provide an excellent solution to the insecurity of public wireless access.

Use 802.1x: Not content to wait around for the more secure 802.11i, several network product vendors support an ad hoc preliminary version called 802.1x that avoids most of WEP's weaknesses. As with IPSec and VPNs, both your wireless access point or router and the PC that communicates with it must speak 802.1x. Windows XP supports this protocol.

Install a firewall on every computer: Since the wireless network is essentially insecure, every computer on your LAN is basically unsafe. Installing one of the free firewalls mentioned earlier and setting it to allow access only to specific known machines on your network as needed (to share a printer, for example) will add an extra dollop of protection to keep Internet pests at bay and security at hand.
